From f4525c51f159bdbc9cee374c5bb6b1158463af7e Mon Sep 17 00:00:00 2001
From: Apostolof <apotwohd@gmail.com>
Date: Sun, 23 Dec 2018 15:30:56 +0200
Subject: [PATCH] Fix various users issues

---
 Database implementation/users/users.sql | 187 ++++++++++++++++++++----
 1 file changed, 156 insertions(+), 31 deletions(-)

diff --git a/Database implementation/users/users.sql b/Database implementation/users/users.sql
index 38023c4..faafc36 100644
--- a/Database implementation/users/users.sql	
+++ b/Database implementation/users/users.sql	
@@ -1,39 +1,164 @@
+DROP USER IF EXISTS 'flavoursSimpleUser'@'localhost';
+DROP USER IF EXISTS 'flavoursSimpleUser'@'%';
+DROP USER IF EXISTS 'flavoursModerator'@'localhost';
+DROP USER IF EXISTS 'flavoursModerator'@'%';
+DROP USER IF EXISTS 'flavoursOwner'@'localhost';
+DROP USER IF EXISTS 'flavoursOwner'@'%';
+FLUSH PRIVILEGES;
+
 # Simple users of the application (aka customers)
-CREATE USER 'user'@'localhost' IDENTIFIED BY 'userPasswd';
-CREATE USER 'user'@'%' IDENTIFIED BY 'userPasswd';
-
-# Users can access, add and update rows for all the tables
-GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost';
-GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%';
-# except the columns that indicate whether a restaurant/food/drink/diet is approved or not
-REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%';
-REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'%';
-REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'%';
-REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%';
+CREATE USER 'flavoursSimpleUser'@'localhost' IDENTIFIED BY 'flavoursSimpleUserPasswd';
+CREATE USER 'flavoursSimpleUser'@'%' IDENTIFIED BY 'flavoursSimpleUserPasswd';
+
+# Customers should not be able to access the columns that indicate whether a restaurant/food/drink/diet is approved or not
+# we need to grant column-based privileges on these tables
+GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`,
+	`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`)
+    ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`,
+	`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`)
+    ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`)
+	ON flavours_without_borders.food TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`)
+	ON flavours_without_borders.food TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`)
+	ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`)
+	ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`)
+	ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`)
+	ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'%';
+
+# Users can alter the rows of all other tables, except those implementing the role based access system
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'%';
 
 # Moderators
-CREATE USER 'moderator'@'localhost' IDENTIFIED BY 'moderatorPasswd';
-CREATE USER 'moderator'@'%' IDENTIFIED BY 'moderatorPasswd';
+CREATE USER 'flavoursModerator'@'localhost' IDENTIFIED BY 'flavoursModeratorPasswd';
+CREATE USER 'flavoursModerator'@'%' IDENTIFIED BY 'flavoursModeratorPasswd';
+
+# Mods have elevated privileges for all other tables, except those implementing the role based access system
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'%';
 
-# Mods have elevated privileges
-GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'localhost';
-GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'%';
 
 # Owners of restaurants or other stuff (cooks etc.)
-CREATE USER 'owner'@'localhost' IDENTIFIED BY 'ownerPasswd';
-CREATE USER 'owner'@'%' IDENTIFIED BY 'ownerPasswd';
-
-# Owners can access, add and update rows for all the tables
-GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost';
-GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%';
-# except the columns that indicate whether a restaurant/diet is approved or not
-REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%';
-REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost';
-REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%';
+CREATE USER 'flavoursOwner'@'localhost' IDENTIFIED BY 'flavoursOwnerPasswd';
+CREATE USER 'flavoursOwner'@'%' IDENTIFIED BY 'flavoursOwnerPasswd';
+
+# Owners should not be able to access the columns that indicate whether a restaurant/diet is approved or not
+# we need to grant column-based privileges on these tables
+GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`,
+	`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`)
+    ON flavours_without_borders.restaurant TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`,
+	`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`)
+    ON flavours_without_borders.restaurant TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`)
+	ON flavours_without_borders.diet TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`)
+	ON flavours_without_borders.diet TO 'flavoursOwner'@'%';
+
+# Owners can alter the rows of all other tables, except those implementing the role based access system
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'%';
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'%';
 
 # They can however view and alter the columns that indicate whether a food/drink is approved or not!
\ No newline at end of file